Method And Computer Program Product For Providing Authentication To Control Access To A Computer System Using Interaction With An Output

ABSTRACT

A system and method for authentication to control access to a computer system includes receiving a first input from a measuring device formed as part of a mobile computing and/or communication device, and comparing the first input to a previously measured and recorded input. If the first input is equivalent to the previously measured and recorded input, an output may be created on the mobile device, which may be in the form of displaying dynamic images or playing audible sounds. At any moment in time during the output, a second input may be made and compared so that, if the second input occurs at a time equivalent to a predetermined time in the output, access to the second computer system is permitted.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. Ser. No. 15/675,962, filed Aug. 14, 2017, which is a divisional of U.S. Ser. No. 14/123,594, filed Dec. 3, 2013, which is a U.S. National Stage Application of PCT/IB2012/001073, filed Jun. 1, 2012, which claims priority to British Application No. 1109311.9 filed Jun. 3, 2011 and British Application No. 1115292.3 filed Sep. 5, 2011.

BACKGROUND OF THE INVENTION

The present invention relates to a method and computer program for providing authentication to control access to a computer system including online services accessed via a portal, cloud-based systems and browser accessed systems using for example HTML5, and relates particularly, but not exclusively, to authentication systems for mobile computer and telecommunications devices.

The use of authentication systems to control access to computer systems is well known. The most regularly used systems are alphanumeric passwords that are typed into a computer device to identify and authenticate a user and permit or deny access to a computer system. The use of such passwords has the disadvantage that they are subject to security weaknesses, including “key logging”, where key presses on a keyboard are monitored and the entering of passwords identified, and “shoulder surfing”, where a person looking over the shoulder of a computer user watches the password that is entered. Such alphanumeric password systems can also create difficulties for users where different keyboard layouts are standard in different countries. Other known authentication systems include those that only utilize on screen imagery, avoiding a user's need to press keys. However, such systems can still be vulnerable to shoulder surfers. Such systems are particularly vulnerable to shoulder surfing when applied to mobile computing and telecommunication devices. In an example of such a system, a user includes photographs of people they know into a series of stock photographs of people they don't know. A group of these photographs is displayed on screen and the user identifies the person they know from the people they do not know. However, the system has the disadvantage that the user's photographs can be obviously different from the stock photographs, making it straightforward in some cases to identify the non-stock photograph.

It is well known to create authentication systems where a series of authentication steps must be undertaken. However, each step is time consuming, which can create frustration in a user.

It is also the case that many access control systems are unsuitable for, or difficult to use for, people who are visually impaired. In particular, touch-screen devices are difficult to use.

Biometric control systems require the presence of a biometric reader which is specifically programmed for an individual user and is only applicable for the programmed device which does not allow user access via remote or secondary access points.

It is also the case that in mobile computing and telecommunication devices, access to users of these devices can often be controlled by telecommunication companies thereby making it difficult for advertisers to access potential customers. Furthermore, audio, and particularly video, advertising can be easily ignored and this is particularly the case on mobile computing and telecommunication devices which are by their very nature small and therefore must attract the attention of the user unlike, for example, television and cinema advertising which is difficult to ignore.

Preferred embodiments of the present invention seek to overcome the above disadvantages of the prior art.

According to an aspect of the present invention, there is provided a method of providing authentication to control access to a computer system comprising the steps:

receiving at least one first input from at least one measuring device formed as part of a mobile computing and/or communication device;

comparing said first input to a previously measured and recorded input; and

if said first input is equivalent to said previously measured and recorded input, subject to predetermined error factors, access to a first computer system is permitted.

By providing an authentication method for a mobile device that utilises an input from a measuring device and compares that input to a previously measured and recorded input, the advantage is provided that the authentication method is quite different from those of the prior art thereby overcoming problems of the prior art. In particular, this method makes it particularly difficult for people trying to gain unauthorised access to the computer system to identify the key steps in the authentication process. In particular, shoulder surfing, a particular problem for mobile computing devices, becomes extremely difficult because in many circumstances it is not clear to anyone other than the authorised user of the mobile device that an authentication step is being undertaken. Furthermore, the use of non-alphanumeric pass codes is easier for users to remember and is particularly important for users suffering with dyslexia who struggle to remember alphanumeric pass codes.

The method may further comprise creating an output on said mobile device, said output comprising displaying, on a display portion of said mobile device, a series of dynamic images and/or playing, through an audio output portion of said mobile device, a series of sounds;

at a moment in time during said output making at least one second input; and

if said second input occurs substantially at a time equivalent to a predetermined time in said output, access to a second computer system is permitted.

By using a series of dynamic images or sounds and having a moment in time as an authentication step, the advantage is provided that in combination with a measured input and both authentications running on a mobile device, security is significantly improved. It is particularly difficult for a third party attempting to identify the authentication method used to shoulder surf since the combination of the two separate authentication steps can be very difficult to observe from a third party point of view. Furthermore, the two authentication steps can be undertaken very quickly with the start of one step also acting as the ending point of the other step. For example, a video file can be used in the first authentication step and the authorization is allowed depending on the time of the interruption. If the interrupting act can be the second authentication step then the total time required to complete the authentication steps is not that great compared to the increased security of two authentication steps. It is also the case that shoulder surfing two such steps that happen in such quick succession is very difficult, further enhancing the security provided.

In a preferred embodiment the first input comprises an input taken from the environment in which the mobile device is located.

Taking the input from the environment in which the mobile device is located provides the advantage that it further complicates the authentication for unauthorised third parties trying to access a computer system using a mobile device. Further examples of the environmental factors are set out below together with examples of the advantages that they provide.

In a preferred embodiment the first input comprises measurements taken by at least one accelerometer and/or gyroscope relating to the movement of the mobile device in a predetermined manner.

By using measurements taken from an accelerometer, gyroscope or magnetic orientation device, the advantage is provided that the movement or positioning of the mobile device or access point can be recorded allowing a series of movements that, like a signature, are easy for the person who originally recorded them to reproduce but are difficult for anyone else to reproduce.

In a preferred embodiment the first input comprises measurements taken by at least one accelerometer and/or gyroscope relating to the holding of the mobile device in a predetermined orientation.

In another preferred embodiment the first input comprises measurements taken by a light measuring device relating to at least one colour.

In a further preferred embodiment the first input comprises a series of colours.

The use of colour, in particular a series of colours, provides the advantage that an imaging device or camera, present on many mobile computing and telecommunication devices, can be used as part of the authentication process. Because it is necessary to move the mobile device or colour substrate around in order to identify the sequence of colours, it is difficult for an unauthorised person to identify at what point colours are being selected and at what point the phone or colour substrate is simply being moved from or between one colour and the next.

In another preferred embodiment the first input comprises measurements taken by a light measuring device relating to at least one movement detected by said light measuring device.

Movement of a person in front of a camera is somewhat like movement of a mobile device containing an accelerometer in that the movement is easy to consistently reproduce for a person after the first recording but is difficult for a third party to reproduce in the same way.

In another preferred embodiment the computer system comprises software and/or hardware.

According to another aspect of the present invention, there is provided a computer program for providing authentication to control access to a computer system comprising:

first computer code for receiving at least one first input from at least one measuring device formed as part of a mobile computing and/or communication device;

second computer code for comparing said first input to a previously measured and recorded input; and

third computer code for determining if said first input is equivalent to said previously measured and recorded input, subject to predetermined error factors, permitting access to a first computer system.

According to a further aspect of the present invention, there is provided a computer program product for providing authentication to control access to a computer system, the product comprising a computer readable memory and a computer program comprising:

first computer code for receiving at least one first input from at least one measuring device formed as part of a mobile computing and/or communication device;

second computer code for comparing said first input to a previously measured and recorded input; and

third computer code for determining if said first input is equivalent to said previously measured and recorded input, subject to predetermined error factors, permitting access to a first computer system.

According to an aspect of the present invention, there is provided a method of providing authentication to control access to a computer system comprising the steps:

creating an output on a computing device, said output comprising displaying, on a display portion of said computing device, a series of dynamic images and/or playing, through an audio output portion of said computing device, a series of sounds, said output further comprising an advertisement;

at a moment in time during said output making at least one input; and

if said input occurs substantially at a time equivalent to a predetermined time in said output, access to said computer system is permitted.

Using an advertisement provides the advantage that the user of the computer device is obliged to watch or listen to the advertisement. In many other situations, advertisers cannot guarantee that users will watch the advertisement and cannot be sure that the advertisement has been watched. In the present invention, the input indicates that the advertisement was watched. This in turn leads to further potential advantages including rewarding a user for watching an advertisement and improving the targeting of advertising while employing the advertisement as an authentication tool.

In a preferred embodiment the computing device comprises a mobile computing and/or communication device.

By using a mobile computing or telecommunication device as a computing device, the advantage is provided that advertisers can gain direct access to customers via the mobile devices. It is commonplace, in particular for mobile telephones, to have the advertising display on them controlled by the mobile phone operating companies. As a result, advertisers struggle to gain a direct connection to potential customers in particular where feedback from the customer, for example, which advertisements are viewed, is available. Furthermore, due to the size of the screen on a mobile computing device, it is easy for a user to ignore an advertisement that is being displayed.

In a preferred embodiment the output comprises a series of dynamic images and a series of sounds and said dynamic images are not matched with said sounds and said predetermined moment in time is determined on one of said series of dynamic images or said series of sounds.

Where a series of sounds and a series of dynamic images are used at the same time but the timing of the authentication step is taken from one only, the advantage is provided that the parties attempting to identify the authentication step cannot tell which of the images or sounds is being used. This is particularly useful for mobile computing devices where images are often used and headphones worn, making it extremely difficult for a shoulder surfer to identify the authentication step.

In a preferred embodiment the series of dynamic images is a video.

In another preferred embodiment the series of sounds is an audio track.

In a further preferred embodiment a user of said computer device is rewarded for using said authentication method.

Rewarding a person for using an advertisement as part of their authentication process provides the advantage that the advertiser can ensure that potential customers are viewing their advertisements and confirm that a viewing has taken place.

In a further preferred embodiment the user authorizes information about the computer systems to which the use of said authentication method provides access to be fed back to a third party.

By feeding back information about the sites where a user goes upon using the authentication method, an advertiser is able to build up a profile relating to that user and target advertising most effectively.

According to another aspect of the present invention, there is provided a computer program for providing authentication to control access to a computer system comprising:

first computer code for creating an output on a computing device, said output comprising displaying, on a display portion of said computing device, a series of dynamic images and/or playing, through an audio output portion of said computing device, a series of sounds, said output further comprising an advertisement;

second computer code for at a moment in time during said output making at least one input; and

third computer code for determining if said input occurs substantially at a time equivalent to a predetermined time in said output, permitting access to said computer system.

According to a further aspect of the present invention, there is provided a computer program product for providing authentication to control access to a computer system, the product comprising a computer readable memory and a computer program comprising:

first computer code for creating an output on a computing device, said output comprising displaying, on a display portion of said computing device, a series of dynamic images and/or playing, through an audio output portion of said computing device, a series of sounds, said output further comprising an advertisement;

second computer code for at a moment in time during said output making at least one input; and

third computer code for determining if said input occurs substantially at a time equivalent to a predetermined time in said output, permitting access to said computer system.

According to another aspect of the present invention, there is provided a method of providing authentication to control access, comprising the steps:

creating an output on said mobile device, said output comprising displaying, on a display portion of said mobile device, a series of dynamic images and/or playing, through an audio output portion of said mobile device, a series of sounds;

receiving at least one input from at least one measuring device;

comparing said input to a previously measured and recorded input; and

if said first input is equivalent to said previously measured and recorded input, subject to predetermined error factors, and said input occurs substantially at a time equivalent to a predetermined time in said output, access is permitted.

According to a further aspect of the present invention, there is provided a computer program for providing authentication to control access, the program comprising:

first computer code for creating an output on said mobile device, said output comprising displaying, on a display portion of said mobile device, a series of dynamic images and/or playing, through an audio output portion of said mobile device, a series of sounds;

second computer code for receiving at least one input from at least one measuring device;

third computer code for comparing said input to a previously measured and recorded input; and

fourth computer code for determining if said first input is equivalent to said previously measured and recorded input, subject to predetermined error factors, and said input occurs substantially at a time equivalent to a predetermined time in said output, permitting access.

According to a further aspect of the present invention there is provided an authentication method for entry control comprising the steps of:

using at least one data capture device to capture first data relating to at least one object located adjacent said device;

testing said first data against at least one first standard to determine a first match;

converting said first data into at least one first image and displaying said at least one image on a display device;

recording second data relating to a user interaction with said image;

testing said second data against at least one second standard to determine a second match; and

allowing or denying access on the basis of said first and second matches.

Providing an authentication method involving the steps set out above provides the advantage of improving the security in authentication methods. In particular, the authentication method includes two linked steps. These steps include the first step which requires the user to have an authentication key, for example an image that can be recognised or a biometric of the user that can be measured. The next step requires something that the user knows, for example what part of the image that was created in step one must be traced over to produce the second data. As a result, obtaining the key is not sufficient to complete the authentication process and similarly knowing the interaction that is required will not complete the authentication. In a system where multiple users can obtain access using their own authentication, obtaining one person's key and another person's knowledge will not, in the present invention, allow access to the system since the two authentication steps are linked to each other.

Furthermore, the linkage between the two steps acts as a prompt for the user without compromising security. For example, in a system of the prior art combining a biometric scan such as face recognition with an alphanumeric code entry, a user is prompted for the facial scan and the alphanumeric code, requiring them to remember the code that is associated with the facial recognition step. In the method of the present invention, the image of the user's face prompts them to, for example, trace a shape over a predetermined portion of the face. As a result, the user is prompted for the second step with the assistance of the first step. This makes it much easier for a user to remember multiple authentication combinations for multiple systems. This decreases the likelihood of a user using the same password for multiple systems, since a different, for example, biometric, can be used as the first authentication step with the resultant image associated with that biometric prompting the user to enter the second step.

In a preferred embodiment the data capture device is a biometric scanner and said object is at least a part of a body.

In another preferred embodiment the data capture device is an electromagnetic wave recording device.

In a further preferred embodiment the electromagnetic wave recording device comprises a camera.

In a preferred embodiment the first data is converted into a first video image.

In another preferred embodiment the second data comprises a second image traced on said display device.

In a further preferred embodiment the display device is a touch screen device and said second image is traced on said display device by touching said touch screen device.

By tracing a second image on a display device, in particular using a touch screen device, to produce the second data, the advantage is provided that the second authentication step can be very quick, in particular since the user can anticipate the image that is to be displayed, making it easy for them to recall the second authentication step.

In another preferred embodiment the second image is traced on said display device using a pointing device.

In a preferred embodiment the second data comprises a gesture made in front of a camera.

In another preferred embodiment the data capture and testing takes place on a first device that transmits data including data identifying itself to a second device that allows access.

According to another aspect of the present invention there is provided a computer program to provide entry control comprising:

first computer code for using at least one data capture device to capture first data relating to at least one object located adjacent said device;

second computer code for testing said first data against at least one first standard to determine a first match;

third computer code for converting said first data into at least one first image and displaying said at least one image on a display device;

fourth computer code for recording second data relating to a user interaction with said image;

fifth computer code for testing said second data against at least one second standard to determine a second match; and

sixth computer code for allowing or denying access on the basis of said first and second matches.

In a preferred embodiment the first computer code controls a biometric scanner and said object is at least a part of a body.

In another preferred embodiment the first computer code controls an electromagnetic wave recording device.

In a further preferred embodiment the electromagnetic wave recording device comprises a camera.

In a preferred embodiment the third computer code converts said first data into a first video image.

In another further preferred embodiment the second data comprises a second image traced on said display device.

In a further preferred embodiment the display device is a touch screen device and said second image is traced on said display device by touching said touch screen device.

In a preferred embodiment the second image is traced on said display device using a pointing device.

In another preferred embodiment the second data comprises a gesture made in front of a camera.

In a further preferred embodiment the data capture and testing takes place on a first device that transmits data including data identifying itself to a second device that allows access.

BRIEF DESCRIPTION OF THE DRAWINGS

Preferred embodiments of the present invention will now be described, by way of example only, and not in any limitative sense, with reference to the accompanying drawings in which:

FIG. 1 is a flow chart showing the steps undertaken in the execution and the method of the present invention;

FIG. 2 is a schematic representation of the apparatus used to utilise the method set out in FIG. 1;

FIGS. 3, 4 and 5 are examples of screen displays used in the method of the present invention;

FIG. 6 is a schematic representation of the method of the present invention;

FIG. 7 is a schematic representation of the apparatus used in a method of the present invention;

FIG. 8 is a flow chart showing the steps undertaken in the authentication method of the present invention; and

FIG. 9 is a schematic representation of the inputs that can be used in the implementations of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Referring to FIG. 2, a method of providing authentication to control access to a computer system including online services accessed via a portal, cloud based systems and browser accessed systems using for example HTML5, utilises computer device 10. This device 10 can be a standard computer device such as a personal computer, a laptop computer or notepad computer. The device 10 can alternatively be a portable computing device such as a tablet computer or other handheld computing device or may indeed be a mobile telecommunication device such as a mobile telephone. The computer device 10 is in communication with further computing devices 12 in the form of a server, a server cloud, or a network of computers such as the internet.

Referring to FIG. 1, a method of providing authentication to control access to a computer system starts at step 14. It should be noted that the computer system that the authentication method controls access to can be computer software, can be computer hardware and can be a combination of hardware and software. The software or hardware can be a single device or can be more than one device that is connecting to another device via a network including online services provided over the internet, including protecting access to a webpage or email system. At step 16, an output is created and output using the computer device. The output may be created on computer device 10 or may be created on server 12 and transferred to computer device 10 for display. The output may be in the form of a series of dynamic images that are displayed consecutively on the display device, for example a screen, forming part of computing device 10. The output may also, or alternatively, be a series of sounds that are output through an audio output portion, for example a speaker or headphones, of or connected to computer device 10. More typically, the series of dynamic images is a video and the series of sounds is an audio track. Preferably both video and audio are used, with one being randomly selected from a list of clips known to the user and the other randomly selected from a library, making it very difficult for non-authorised users to know which is being used in the authentication step. At step 18, an input is made to the computer device 10 by the user of that device. The timing of the input is tested at step 20. If the timing of the input occurs substantially at a time equivalent to a predetermined time in said output, access to the computer system is permitted. If the timing is not substantially equivalent to a predetermined time in the output, the authentication fails and the authentication process restarts at step 14.

The input to the computer device 10 may be in one of many forms. At its most simple, the input may be a single press of a key, a click of a mouse, or touch of the screen. For these inputs, a further authentication step is generally required to provide the required level of security.

However, the input may alternatively be a measurement taken using the computing device. This is particularly the case for a mobile computing device that may contain various measuring devices such as accelerometers, gyroscopes, magnetic orientation measuring devices, GPS location measuring devices, audio measuring devices and light measuring devices including cameras, spectrometers or photometers. Other measuring devices are also envisaged to be used as part of the present invention. The input from the measuring device is compared to the previously measured and recorded input, subject to predetermined error factors, and whether the input is equivalent to that previously measured and recorded is determined at step 22. If the input from the measuring device is sufficiently equivalent to the previously measured and recorded input, the input authentication passes and access is allowed to the computer system or online service at step 24. However, if the input authentication is not successful, the authentication restarts at step 14.
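The step 22 comparison of a measured input against the recorded one, subject to predetermined error factors, can be sketched for an accelerometer gesture as follows. This is an added example, not code from the patent: the use of dynamic time warping, the `MAX_DISTANCE` threshold and the sample traces are assumptions chosen for illustration.

```python
import math

# Assumed "predetermined error factor": the largest normalised DTW cost that
# is still accepted as equivalent to the recorded gesture (illustrative value).
MAX_DISTANCE = 0.15


def dtw_distance(recorded, attempt):
    """Normalised dynamic-time-warping cost between two (x, y, z) traces.

    DTW tolerates an attempt that is performed faster or slower than the
    recording, but the samples still have to occur in the same order.
    """
    n, m = len(recorded), len(attempt)
    if n == 0 or m == 0:
        raise ValueError("traces must not be empty")
    prev = [math.inf] * (m + 1)
    prev[0] = 0.0
    for i in range(1, n + 1):
        cur = [math.inf] * (m + 1)
        for j in range(1, m + 1):
            step = math.dist(recorded[i - 1], attempt[j - 1])
            cur[j] = step + min(prev[j], cur[j - 1], prev[j - 1])
        prev = cur
    # Divide by n + m so traces of different length are comparable.
    return prev[m] / (n + m)


def input_matches(recorded, attempt, max_distance=MAX_DISTANCE):
    """Step 22: is the measured input equivalent to the recorded input?"""
    return dtw_distance(recorded, attempt) <= max_distance


def sample_gesture(samples, bias=0.0):
    """Constructed sample data: one loop of the device, as (x, y, z) readings."""
    trace = []
    for i in range(samples):
        t = i / (samples - 1)
        trace.append((math.sin(2 * math.pi * t) + bias,
                      0.5 * math.cos(2 * math.pi * t) - bias,
                      t + bias))
    return trace


# Constructed traces: the recording, the same user repeating the gesture more
# slowly with a small sensor offset, and the gesture performed backwards.
ENROLLED = sample_gesture(40)
GENUINE = sample_gesture(48, bias=0.03)
REVERSED = list(reversed(ENROLLED))

if __name__ == "__main__":
    for name, trace in (("genuine", GENUINE), ("reversed", REVERSED)):
        cost = dtw_distance(ENROLLED, trace)
        print(f"{name}: cost={cost:.3f} accepted={input_matches(ENROLLED, trace)}")
```

The threshold is the security-relevant setting: raising it reduces false rejections of the enrolled user and widens the set of imitations that are accepted.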

It should be noted that this input may be a second input after the first timing input that is tested at step 20 or may indeed be the same input, the timing of which is tested at step 20 and the authentication of which is tested at step 22. The output is most preferably a video output in the form of an advertisement. The advertisement may be accompanied by an audio track and this audio track may match the video, for example, as part of the advertisement. However, the audio track may be different (e.g., audio selected from a second advertised product/service) and therefore the timing step can relate to either the predetermined moment in the video or the predetermined moment in the audio track. This can be achieved by providing video and audio tracks from a known selection that the user can easily identify as those that form part of their authentication process. Other random video and audio tracks may also be played. As a result, it will be apparent to the user whether they are making their timed input on the video or audio track. However, to a casual observer it is not apparent which is being used.

Where an advertisement is used as the output, information about the destination to which the authentication process allowed access can be fed back to the third party in order to build up a profile of the person undertaking authentication steps. This can allow an advertiser to direct suitable advertisements to a person.

As an incentive to encourage users to accept advertisements as the output as part of the authentication process, a reward system can be instigated. This can be a direct monetary reward for each advertisement viewed. Alternatively, this can be in the form of points which can be used to make purchases or provide discounts or be transferred to other users within an online marketplace structure.

A further example of one of the inputs received at step 18 is shown in FIG. 3, in which a mobile computing device 28 has a touch screen 30. The screen is divided into two portions including a display portion 32 in which a video output is displayed and an input portion 34. As one example, the input portion 34 includes a slider member 36 that can be slid across the screen. When a user touches the slider portion 36 and moves their finger from right to left, the icon shown as slider member 36 appears to move across the screen. The input relating to this operation is recorded as the rhythm of the sliding. In other words, the slider member is moved backwards and forwards from right to left and back again in a predetermined and pre-recorded pattern as decided by the user. In order to create correct input during the input authentication step 22, the rhythm of the sliding motion previously recorded must be reproduced. The combination of authentication inputs, that is the timing of interruption to start reproducing the rhythm of the slider movement, provides a very high level of authentication security.
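The FIG. 1 flow for the slider input of FIG. 3, with the timing of the interruption tested at step 20 and the recorded rhythm tested at step 22, can be sketched as below. This is an added example, not code from the patent; the `Enrolment` fields, the tolerances and the sample touch times are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Enrolment:
    cue_time_s: float        # predetermined time in the output (video or audio)
    cue_tolerance_s: float   # how close "substantially at" that time must be
    rhythm_s: tuple          # recorded gaps between slider reversals, seconds
    rhythm_tolerance: float  # allowed relative error per gap


def timing_ok(enrolment, first_touch_s):
    """Step 20: did the interruption occur at the predetermined time?"""
    return abs(first_touch_s - enrolment.cue_time_s) <= enrolment.cue_tolerance_s


def rhythm_ok(enrolment, touch_times_s):
    """Step 22: does the sliding rhythm reproduce the recorded one?"""
    gaps = [b - a for a, b in zip(touch_times_s, touch_times_s[1:])]
    if len(gaps) != len(enrolment.rhythm_s):
        return False
    return all(
        abs(seen - want) <= enrolment.rhythm_tolerance * want
        for seen, want in zip(gaps, enrolment.rhythm_s)
    )


def authenticate(enrolment, touch_times_s):
    """touch_times_s: seconds since the output started playing. The first
    entry is the moment the slider is first touched, the rest are the moments
    it changes direction. Both checks are always evaluated and a single result
    is returned, so a failure does not reveal which check was wrong."""
    if not touch_times_s:
        return False
    timed = timing_ok(enrolment, touch_times_s[0])
    rhythm = rhythm_ok(enrolment, touch_times_s)
    return timed and rhythm


def blind_hit_probability(output_length_s, cue_tolerance_s):
    """Chance that one touch at a uniformly random moment passes step 20,
    assuming the accepted window lies wholly inside the output."""
    return min(1.0, 2 * cue_tolerance_s / output_length_s)


# Constructed sample values, not taken from the patent.
ENROLMENT = Enrolment(cue_time_s=12.4, cue_tolerance_s=0.5,
                      rhythm_s=(0.4, 0.4, 0.8, 0.4), rhythm_tolerance=0.2)
GENUINE = (12.7, 13.12, 13.5, 14.33, 14.71)     # right moment, right rhythm
LATE = tuple(t + 7.3 for t in GENUINE)          # right rhythm, wrong moment
WRONG_RHYTHM = (12.7, 13.5, 13.9, 14.3, 15.1)   # right moment, wrong rhythm

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("late", LATE),
                          ("wrong rhythm", WRONG_RHYTHM)):
        print(name, "->", "access" if authenticate(ENROLMENT, attempt)
              else "restart at step 14")
    print("blind hit on a 30 s clip:", round(blind_hit_probability(30.0, 0.5), 4))
```

With a 30 second output and a half-second tolerance, about one random touch in thirty passes the timing test by itself, which is why a single key press or screen touch needs the further authentication step.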

Further examples of the input authentication step are listed below. The input authentication step could be a time and pointing based interaction with a video clip using a pointing device to point at a predetermined part of an image on screen at a predetermined time. The input authentication step could also be replicating a predetermined motion in front of a camera or in a system. The input authentication step could further be inputting a predetermined sequence of audio inputs such as a pitch or voice characteristic. The input authentication step could be only allowing authentication when the device is inside, or alternatively outside, a predetermined GPS-determined zone or area. The input authentication step could be performing a predetermined action at a specific time relative to sounds played to the user including 3-dimensional placement of sounds played to a user preferably through headphones. The user can authenticate themselves by interacting with the sound patterns, such 3-dimensional sounds being of particular use to visually impaired users. The input authentication step could be performing a predetermined action when a specific colour or sequence of colours is displayed on the device. The input authentication step could be performing a predetermined action in response to a predetermined vibration or series of vibrations. The input authentication step could also be tapping on the touch screen at a predetermined time and position where the device recognizes a resonance or timbre signature. The input authentication step could further be vibration at any frequency including LF, RFID, NFC, or digitized biological signature.

Referring to FIG. 7, a data capture device, for example digital camera 100, is connected to a data processing device 102 that is in turn connected to a display device 104. The camera 100, processor 102 and display device 104 may be separately housed components connected by wired or wireless means to operate in conjunction with each other. Alternatively, these items may be formed as a single device as part of, for example, a mobile telephone or other communication device, labelled 106. The display device 104 includes a second data capture device, in the form of touch sensitive screen 108 which feeds data back to data processor 102.

Referring also to FIG. 8, camera 100 captures data relating to an object 110 or 112 that is located adjacent camera 100 (step 120). This first data is transferred to data processor 102 and compared to a first standard (step 122) to determine whether there is a match. This comparison of the first data, which is in the first instance image data, with a standard image utilises known image comparison techniques. The techniques used, which are familiar to those skilled in the art, depend on the type of object 110 or 112 in question. The schematic representation of an object at 110 represents an object that acts as a key as a result of its shape or surface decoration. The article represented at 112 represents a body part of a user that similarly acts as a key by measuring a biometric variable of that body part, for example a face utilising face recognition software in comparison step 122.

At step 124, it is determined whether there is a match between the first data captured by device 100 and the first standard data as determined in the comparison step 122. If no match is found, the authentication is rejected at step 126 and any further access to the system that the authentication process is protecting is prevented. However, if a match is found further authentication steps are undertaken including step 128 in which the first data is converted into image data and displayed on screen 104. This conversion of first data at step 128 may be simply the conversion of the first data into image data to be displayed on screen 104, for example where camera 100 is a visible light camera the displayed image may be simply that captured by the camera. Alternative embodiments of the invention where further data processing takes place are set out below.

The display of the image on screen 104 prompts the user to interact with the image thereby inputting second data at step 130. In this example, the interaction uses the touch screen input 108 to trace a shape over a portion of the image displayed on display device 104. For example, if the captured image is of the user's face, the second data input could be tracing circles around the eyes and a smiling curve over the mouth. The captured second data is compared to a second standard at step 132 and a match is determined at step 134. If a match is not found in the comparison step 132, the authentication is rejected at step 126. However, if a match is found access is allowed at step 136.
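The FIG. 8 flow (steps 124 to 136) with a touch trace as the second data can be sketched as follows. This is an added example, not code from the patent: the first comparison is taken as a boolean plus a bounding box for the recognised object, and the trace-matching method, all names and the threshold are assumptions. The trace is expressed relative to the recognised object so that the same gesture matches wherever the face appears on screen, while the same shape over the wrong part of the image does not.

```python
import math

def to_object_frame(path, box):
    """Express screen points relative to the recognised object's box (x, y, w, h)."""
    x0, y0, w, h = box
    return [((x - x0) / w, (y - y0) / h) for x, y in path]

def resample(path, n=32):
    """Return n points evenly spaced along the arc length of a touch path."""
    seg = [math.dist(a, b) for a, b in zip(path, path[1:])]
    total = sum(seg)
    if total == 0:
        raise ValueError("trace has no length")
    out, walked, i = [path[0]], 0.0, 0
    for k in range(1, n - 1):
        target = k * total / (n - 1)
        while seg[i] == 0 or walked + seg[i] < target:
            walked += seg[i]
            i += 1
        t = (target - walked) / seg[i]
        (ax, ay), (bx, by) = path[i], path[i + 1]
        out.append((ax + t * (bx - ax), ay + t * (by - ay)))
    out.append(path[-1])
    return out

def trace_score(trace, template):
    """Mean point-to-point distance; start point and direction of the stroke matter."""
    a, b = resample(trace), resample(template)
    return sum(math.dist(p, q) for p, q in zip(a, b)) / len(a)

def circle(cx, cy, r, n=16):
    return [(cx + r * math.cos(2 * math.pi * k / n),
             cy + r * math.sin(2 * math.pi * k / n)) for k in range(n + 1)]

# Constructed second standard: a circle around one eye, in object-frame units.
TEMPLATE = circle(0.3, 0.4, 0.1)

def authenticate(first_match, trace, box, template=TEMPLATE, threshold=0.05):
    # Steps 124/126: without a first match nothing is displayed and no trace is tested.
    if not first_match or box[2] <= 0 or box[3] <= 0:
        return False
    try:
        # Steps 132/134: compare the second data with the second standard.
        return trace_score(to_object_frame(trace, box), template) <= threshold
    except ValueError:
        return False   # degenerate trace, rejected at step 126

if __name__ == "__main__":
    face_box = (200, 100, 400, 400)                               # constructed detection result
    print(authenticate(True, circle(320, 260, 40), face_box))    # circle over the enrolled eye
    print(authenticate(True, circle(480, 260, 40), face_box))    # same circle, other eye
```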

The above example is a simple example of the linked two step authentication process. However, various alternatives to these steps and the devices used to undertake those steps are possible. For example, the data capture device 100 could be other devices than the camera suggested in the above embodiment. The data capture device could be any device capable of measuring electro-magnetic waves to produce an image, for example infra-red cameras which are particularly used for measuring biometrics, UV cameras and the like. Equally, any other biometric measuring device could be used including fingerprint scanners, iris scanners, retina scanners and the like. Further examples include using a microphone to capture sounds including voice recognition or recognising a sound (such as hitting metal on wood) or pitch inputs such as producing a specific note with a voice or musical instrument or some other way.

The object 110 can be any suitable object including a key card that includes on it a barcode or other similar data image that is readily recognised by the data capture device 100 and processor 102. Such a card could be an ID card but could also be a card with a single colour of a very specific shade or series of such cards.

In the conversion of the first data into an image set out above the captured data using a digital camera is converted into a photographic image. However, this conversion may also include the manipulation of this image to include other items which then form part of the interaction with the resultant image that leads to the capture of second data at step 130. Furthermore, the displayed image may be a moving image based on captured video images of the first data. In this instance, the comparison of first data to the first standard may be comparing a series of shapes, displayed in a predetermined order to a video camera and the second data may be receiving an input at a certain point during the replay of that video image. It should be noted that the video image created from the first image could be a 3D image, either single frame or video, and that 3D image could be created by 3D filming or photography or by creating an enhanced image with a 3D image element from 2D image or video captured as the first data. Furthermore, the interaction with the 3D image or video can then be a 3D interaction, for example using an input controller to draw an imaginary line around an object in the 3D space.

The display of the first data may include an augmented reality where the image or images captured in the first data are manipulated into an augmented reality to form part of an image or video image so produced.

The recording of second data may be using any input apparatus available to the user including manipulation of a cursor on screen using a mouse or keyboard input, tracing of an image on a touch screen device, manipulation using an accelerometer/gyroscope/orientation monitoring device. In the above example where the first data results in a video of an authentication process, the second step can be shaking of the device at a certain point in the replayed video of the first authentication step.

In another example, a user scans their hand using a biometric scanner which could be, for example, a mobile telecommunications device equipped with a digital camera. The processor in the device verifies the image as being a match with a standard and prepares the image from the camera for the next step. Using augmented reality, the system superimposes another image or group of images around the first image that the viewer can only see on the camera screen. The user is prompted to manipulate or interact with the composite image on the screen of the device. This interaction may be to move or rearrange items in the augmented reality image by moving their hand in front of the camera image to move virtual objects. The motions made in front of the camera are identified by the processor and tested against a predetermined set of movements. The authentication is therefore successfully completed.

In a further example, a user points a camera at a predetermined image which may be an encoded image or code such as used in PopCode™ which is available on business cards, t-shirts, tattoos or any other printed media. The scanning of the PopCode™ automatically triggers an augmented reality program to download and display a dynamic visual overlay on the original image. The user interacts in some predetermined way with the composite image, such as manipulating a part of the overlay with original image, for example dragging an overlaid object into a hole at a certain time during a song (or alternatively without the audio overlay). This interaction can be a manipulation on the screen or in front of a camera. The correct time-sensitive interaction will authenticate the user and allow that user to access a file, process, location, etc.

In another example, a mobile communications device is used as part of the security procedure for providing access to some other device or location. For example, the mobile device can be configured to communicate with the further security devices such as a building or vehicle locking device. As a result, to open a door of the building or vehicle the operator must have the correct mobile device which can communicate an encrypted code to the locking mechanism. The operator would then conduct further authentication steps such as those set out above including, as an example, taking a photograph of their face using the mobile device. This image is then sent to the locking device for authentication. To complete the authentication process the operator would then need to interact with the image and this interaction would again be sent to the locking device for final authentication. As a result, in order to gain entry the operator must have the correct mobile device, must use their own face and know the authentication step. This means that a very secure three layered authentication process is provided, but the time taken by the operator to gain access is not great.

Referring to FIG. 9, this Figure shows a schematic representation of some of the input forms that are used in the methods set out above.

It will be appreciated by persons skilled in the art that the above embodiments have been described by way of example only and not in any limitative sense, and that the various alterations and modifications are possible without departure from the scope of the invention as defined by the appended claims.

1. A method of providing authentication to control access to a computer system comprising the steps: using at least one data capture device of a computing device to capture first data; identifying a matching object in the first data; testing the matching object against at least one first standard to determine a first match; upon successfully determining the first match, displaying, on a display portion of said computing device, second data being captured by the data capture device, the second data including the matching object; creating one or more dynamic images and displaying the one or more dynamic images superimposed on the second data being captured by the data capture device and displayed; recording an interaction between the matching object and the one or more dynamic images to determine a second match; testing the recording against a stored recording to determine a second match; and allowing or denying access on the basis of said first and second matches.
2. The method according to claim 1, wherein said computing device comprises a mobile computing and/or communication device.
3. The method according to claim 1, wherein said dynamic images superimposed on the second data being captured by the data capture device are advertisements.
4. The method according to claim 1, wherein said second data is a video.
5. The method according to claim 1, wherein said matching object is a biometric object.
6. The method according to claim 3, wherein a user of said computer device is rewarded for using said authentication method.
7. The method according to claim 6, wherein said user authorises information about the computer systems the use of said authentication method provides access to be fed back to a third party.
8. A computer product comprising a processor and non-transient memory, the processor being configured to execute a program stored in the non-transient memory and transmitted on a data carrier to provide authentication to control access to a computer system, comprising: first computer code for using at least one data capture device of a computing device to capture first data; second computer code for identifying a matching object in the first data; third computer code for testing the matching object against at least one first standard to determine a first match; fourth computer code for, upon successfully determining the first match, displaying, on a display portion of said computing device, second data being captured by the data capture device, the second data including the matching object; fifth computer code for creating one or more dynamic images and displaying the one or more dynamic images superimposed on the second data being captured by the data capture device and displayed; sixth computer code for recording an interaction between the matching object and the one or more dynamic images to determine a second match; seventh computer code for testing the recording against a stored recording to determine a second match; and eighth computer code for allowing or denying access on the basis of said first and second matches.
9. A method of providing authentication to control access, comprising the steps: using at least one data capture device of a computing device to capture first data; identifying a matching object in the first data; testing the matching object against at least one first standard to determine a first match; upon successfully determining the first match, displaying, on a display portion of said computing device, second data being captured by the data capture device, the second data including the matching object; creating one or more dynamic images and displaying the one or more dynamic images superimposed on the second data being captured by the data capture device and displayed; recording an interaction between the matching object and the one or more dynamic images to determine a second match, the interaction modifying at least one property of the one or more dynamic images superimposed on the second data; testing the interaction against a stored interaction to determine a second match; and allowing or denying access on the basis of said first and second matches, the control access controls access to one or more functions in a computer application implemented by the computer product.
10. A computer product comprising a processor and non-transient memory, the processor being configured to execute a program stored in the non-transient memory and transmitted on a data carrier to provide authentication to control access, the program comprising: first computer code for using at least one data capture device of a computing device to capture first data; second computer code for identifying a matching object in the first data; third computer code for testing the matching object against at least one first standard to determine a first match; fourth computer code for, upon successfully determining the first match, displaying, on a display portion of said computing device, second data being captured by the data capture device, the second data including the matching object; fifth computer code for creating one or more dynamic images and displaying the one or more dynamic images superimposed on the second data being captured by the data capture device and displayed; sixth computer code for recording an interaction between the matching object and the one or more dynamic images to determine a second match, the interaction modifying at least one property of the one or more dynamic images superimposed on the second data; seventh computer code for testing the interaction against a stored interaction to determine a second match; and eighth computer code for allowing or denying access on the basis of said first and second matches, wherein the control access controls access to one or more functions in a computer application implemented by the computer product.